Typically, hospital patients' greatest fears revolve around needles or having to undergo surgery. Recent reports suggest that patients should be just as worried about what happens to their personal data during and after a hospital stay. According to a recent study, 94 percent of surveyed hospitals experienced data breaches during the past two years. The financial damage caused by these breaches to both patients and hospitals is extremely high. The annual average cost of data breaches within the American healthcare industry was estimated to be $6.87 billion. On average, each data breach resulted in a $1.2 million loss for the affected organization.
Although many medical data breaches are the result of hackers targeting hospital networks, the loss of improperly secured machinery is also part of the problem. For instance, Orthopedic Physician Associates recently announced that the organization had experienced a significant data breach after a laptop containing sensitive patient information including Social Security numbers, health insurance records and personal identification data was stolen from a vehicle. Although officials were able to retrieve the computer, they could not verify whether any patient data had been compromised. The organization notified its members of the breach and pledged to make changes to its data security management.
The impact of a network breach
An even more costly mistake occurred within Utah's Department of Health when it was the victim of repeated data breaches that resulted in the exposure of information belonging to hundreds of thousands of patients. The first attack occurred last year and reportedly affected as many as 780,000 patients. In addition, 280,000 Social Security numbers were compromised during the breach. Even after state officials vowed to recommit themselves to securing patient data, the department fell victim to another data breach earlier this year when an unencrypted device containing information about 6,000 patients was stolen. In response to these incidents, Utah Governor Gary Herbert signed a law calling on several state agencies to establish a data security plan that would fall in line with industry best practices.
Finding solutions to patient data loss
This pair of incidents represents the two main threats posed to patient data security by criminals. In the former instance, a physical device lacking proper security procedures was stolen from a healthcare employee. When physicians and researchers want to access sensitive patient data on a personal machine, they should use system restore applications to remove those files from their system when they are finished. On the other hand, incidents involving a network breach could be avoided with the use of application control software. If hackers are relying on malware to access data files, these tools can prevent it from running on a hospital's computers.